As a largely backend-based service, our main client-facing channel is our web-based dashboard. We have designed the dashboard with simplicity and ease of use in mind, and as such the app is still very much an MVP, without the bells and whistles you may be accustomed to seeing in other systems. While the system may appear to lack complexity, it certainly makes up for it in speed.
To celebrate the launch of the new dashboard, let’s take some time to walk you through the various new features we have added to improve your analysis workflow.
Here is a brief list of the new features, in no particular order:
- Search for multiple files, using a mix of hashes or search modifiers
- Download malware samples directly from the Search Results screen
- Cater for security providers that fall outside of the core circle of antivirus vendors
- Select and download (multiple) sample(s) from Search Results screen
- Tags showing malware families and categories
- List of antivirus engines is now sorted alphabetically in A-Z order
- Alert-me function (hash subscription) notifying you when a hash arrives in DB
- Fetch and upload a file from a URL
- Notify when file upload & antivirus scan is complete
- Extended file details with TrID and File Origin
- Added file level tools (report issue, copy to cURL and scan change notification)
- In-app notifications (updates and new features)
- Sandbox integration (coming in Q1/2022)
Let’s summarize each of these features with a little more detail and visuals.
Search for multiple files, using a mix of hashes or search modifiers
Allows you to search for multiple files. You can either search by entering multiple hashes (can be a mix of md5, sha1 or sha256) or by using search modifiers. For example, you can search for these three files by entering them on a single line, separated by a space.
Alternatively, you can now also search by using various Search Modifiers:
- detections: number of av detections
- family: belongs to a malware family
- hash: MD5/SHA1/SHA256 hash(es)
- tag: has the following tag(s)
- identity: has the following identity (malware, mobile, etc.)
- date_after: first seen after this date (YYYY-MM-DD)
- date_before: first seen before this date (YYYY-MM-DD)
For example, the search query:
family: generickd; date_after: 2021-11-01
will return all the files tagged as belonging to the “generickd” malware family that were first seen after November 1st, 2021.
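To make the two search forms concrete, here is a small parser, added as an example for this post and not code from the dashboard itself. It mirrors the rules described above: a bare list of hashes (MD5, SHA-1 and SHA-256 may be mixed, separated by whitespace) or `modifier: value` pairs separated by semicolons, with the modifier names taken from the list above. How the dashboard tokenizes its queries internally is not published, so the grammar here (semicolon separator, case-insensitive modifier names, ISO dates) is an assumption, and the SHA-1 and SHA-256 values used as samples are constructed.

```python
import re
from datetime import date

# Search modifiers documented in the dashboard v2 announcement.
MODIFIERS = {"detections", "family", "hash", "tag", "identity", "date_after", "date_before"}

# Hex-digest lengths for the hash types the search accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_hash(token: str):
    """Return 'md5', 'sha1' or 'sha256' for a hex token, or None if it is not a hash."""
    if _HEX_RE.match(token) and len(token) in HASH_LENGTHS:
        return HASH_LENGTHS[len(token)]
    return None


def _parse_hash_list(text: str) -> list:
    """Split whitespace-separated hashes, rejecting anything that is not a known digest."""
    hashes = []
    for tok in text.split():
        algo = classify_hash(tok)
        if algo is None:
            raise ValueError(f"not a recognised MD5/SHA1/SHA256 hash: {tok!r}")
        hashes.append({"algo": algo, "value": tok.lower()})
    return hashes


def parse_search(query: str) -> dict:
    """Parse a dashboard-style search string into a structured query.

    Returns {"hashes": [...]} for the hash-list form or {"modifiers": {...}}
    for the 'modifier: value; modifier: value' form. Raises ValueError on
    unknown modifiers, malformed hashes, or dates that are not YYYY-MM-DD.
    (Assumed grammar; the dashboard's own parsing rules are not published.)
    """
    query = query.strip()
    if not query:
        raise ValueError("empty query")

    # No colon anywhere means the user pasted hashes, possibly of mixed types.
    if ":" not in query:
        return {"hashes": _parse_hash_list(query)}

    mods = {}
    for part in query.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key not in MODIFIERS:
            raise ValueError(f"unknown search modifier: {key!r}")
        if not value:
            raise ValueError(f"modifier {key!r} has no value")
        if key in ("date_after", "date_before"):
            # Documented format is YYYY-MM-DD; fromisoformat rejects anything else.
            value = date.fromisoformat(value)
        elif key == "detections":
            value = int(value)
        elif key == "hash":
            value = _parse_hash_list(value)
        mods[key] = value
    return {"modifiers": mods}


if __name__ == "__main__":
    # The query from the post, plus a constructed mixed-hash list.
    print(parse_search("family: generickd; date_after: 2021-11-01"))
    print(parse_search("39a434d45cdd32094db9c2d474fdeff4 " + "a" * 40 + " " + "b" * 64))
```

Validating the query locally before sending it off is mostly a convenience, but it also catches the common mistake of pasting a truncated hash or a mistyped modifier name, which would otherwise return an empty result set that looks like a genuine miss.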
From the Search Results, you can either download a single malware sample using the download icon in the Actions column, or download multiple files by checking the boxes in front of the desired files and clicking on the Download Selected Files button. Multiple files are combined and made available for download as a single file archive.
Tags showing malware families and categories
Tags are shown in the File Details screen, right under file name and hash. Malware family is indicated with red, other tags are shown as gray.
List of antivirus engines is now sorted alphabetically in A-Z order
In the Detections tab of the File Details screen, the list of antivirus engines is now sorted alphabetically in A-Z order, instead of reverse order.
Alert-me function (hash subscription) notifying you when a hash arrives in DB
When a user searches for a hash that is not found in our database, the system allows the user to set an alert (or a marker) for the system to generate a reminder if/when the desired hash gets added to our database at a later time. For example, let us do a search for “39a434d45cdd32094db9c2d474fdeff4”.
We see that at this point this file is not available in our database. Click on the “click here” link to add this hash to a wish list of files, or what we call “Hash Subscriptions”.
You will see a visual confirmation that “Subscription was created successfully”. When a file in your wish list arrives in our system, you will receive a notification email as shown below:
You can manage your wish list from the Hash Subscriptions screen, where you can also add hashes directly.
Fetch and upload a file from a URL
This is an addition to the File Upload screen. It allows you to fetch (and upload) a file directly from a remote location, instead of having to download the file first. It will “refang” defanged URLs. For example, let’s enter:
The file is prepared for upload. Notice the URL has been “refanged”. All you have to do now is press the Upload button for the system to fetch the file from the URL and upload it automatically. The system will notify you in case the file no longer exists.
Notify when file upload & antivirus scan is complete
During busy times you can upload a file and switch to a different browser tab to continue your work – the system will notify you when the file has been uploaded and successfully scanned by placing a temporary notification (red dot) on the dashboard browser tab.
Extended file details with TrID and File Origin
Added TrID and File Origin to the File Details screen, with TrID being a much-requested feature from the initial dashboard release.
Added file level tools (Copy to cURL, Report Issue and Subscribe)
We have also added some customer-requested features to the File Details screen. Copy to cURL copies an API (cURL) call for the current file hash that you can paste into a terminal. Report Issue allows you to send us a message about the file, for example to report a false positive. The Subscribe function here tags the file so that we report back when its scan status changes, i.e., when the file is detected by more engines.
In-app notifications (updates and new features)
Added an in-app notification service that pops up when updates or new features have been added to the service. We are using Headway App (https://headwayapp.co/) for this. Clicking the bell icon (top right of the screen) will show you a list of updates.
Clicking on an item will show you more detail.
You can always head over to our updates (https://headwayapp.co/vxintel-changelog) page on Headway to view the full list of updates.
Sandbox integration (coming in Q1/2022)
One feature that unfortunately did not make it into this version is the sandbox integration. Due to the complexities of integration, we have decided to add the sandbox at a later time to allow more time for testing. We expect this to be some time late in Q1/2022.
That’s all for now! We will be adding additional tooling in v3 next year, but we hope you will like this new release in the meantime. If you have any questions, please feel free to ping us on firstname.lastname@example.org.